Over the past few months we have received a spate of computer related questions in GQ, most of which can be solved by solutions given in this thread.
The entire thread may be too long to read through, so please read through at least the first few posts in this thread before attempting to start a new thread in GQ. If you believe that the solutions listed here do not apply to you, or you have attempted them and have further messed up your computer, or if you are unsure about how to proceed, feel free to start a new thread in GQ. But, please, first read this.
Here are some of the most common Questions & Answers:
Q. My Computer is messed up. I think I have some spyware. My browser is hijacked.
A. Download and run the following software:
Microsoft Windows Defender (Beta 2)
Please beware of fake sites listing the above software. Run at least AdAware and Spybot to check for spyware, adware and other malware.
Sometimes, after running the above software, you may find that your Internet connection stops working. If this is the case, run LSPFix:
http://www.cexx.org/lspfix.htm
Please download LSPFix.exe before running AdAware or Spybot.
Update your anti-virus software and anti-virus definitions, and run a full scan of your computer using your anti-virus software. If you do not have any anti-virus software installed, download and run AVG Free anti-virus:
If none of the above helps your situation:
- Read the rest of this OP
- Read through some of the other posts in this thread
- If your issue seems spyware/adware related, run HijackThis and post your logs to the SpywareInfo Forums (details given below)
- Post a question in GQ if none of this applies to your situation
Note to members: Please add relevant Questions & Answers to this thread. This thread is intended as a reference for members with common computer related problems. Posts may be edited for clarity, redundancy, etc.
Thank you.
= = =
One of our members, Dead Badger, has very kindly put together a detailed explanation in this thread. I am repeating it here in the OP:
[Originally posted by Dead Badger]:
1) General security
As suggested by others, you really need two things:
Antivirus software - staple stuff, these programs scan downloaded files, periodically check your whole PC, and most will also plug into your email to scan incoming messages; they generally don’t fix spyware, however. Others have already pointed out the main options:
[ul]
[li]AVG Antivirus (free version available)[/li][li]Sophos Antivirus[/li][li]Norton Antivirus[/li][li]Trend Micro online scanner (free, no installation required)[/li][/ul]
Firewall software - This monitors and controls internet connections coming into and going out of your computer. The latter may not sound so important, but it’s actually quite interesting to find out how many programs dial home, many of them completely unnecessarily. Again, others have pointed out the main options, and fortunately the best are free:
[ul]
[li]Zone Alarm (free version available)[/li][li]Sygate Personal Firewall (free version available)[/li][/ul]
Also available are the usual products from Norton and others, which are not available for free and (in my personal experience) aren’t as nice. Both of the above can be either set up to automatically decide whether a program is safe or not, or can be set to pop up a box every time a new program tries to access the web, letting you decided if it’s allowed. Both will automatically detect and prevent incoming naughty traffic with no effort on the user’s part.
These two types of software will protect your computer from most nasties, given regular updates. They won’t, however, protect you from…
2) Spyware/Adware
What is it?
Horrible little programs much like viruses, that inhabit your PC and screw with your web browsing experience in order to steal your personal details, funnel you towards bad commercial sites or worse, porn, and generally make you think that Bad Men With Sticks are responsible for computers everywhere.
How do I know if I have it?:
Common symptoms include, but are not limited to:
[ul][li]Huge numbers of popups, even when not browsing the web[/li][li]Google/Yahoo/other search page gives weird results, mostly adverts, or leads somewhere else entirely[/li][li]Constantly redirected to porn/advert/porn advert sites[/li][li]Generally slow computer, particularly web browsing[/li][/ul]
This list can’t even begin to be exhaustive, since there seems to be no limit to what spyware designers think of next - however as a general rule if your internet browsing is doing something weird, if you’re constantly seeing adverts or you end up at pages that you don’t think you tried to get to, you may well have spyware.
How did it get here?
Mostly via Internet Explorer, to be honest, the main culprit being “ActiveX”, which (loosely speaking) is a method implemented by Microsoft to allow websites to execute software on your local machine. Some spyware pops up windows to ask if you want it to be installed. Some will pop up confusing windows talking about voting for the site you’re visiting, or indeed any variation on a theme to get you to click “yes” on a dialog box. The first thing is not to click a button on any dialog box you don’t trust. A safer way to get rid of them is to close them with the “X” button in the top right. However, some spyware seems to be able to install itself without asking you first. It’d also be nice not to have to avoid these message boxes all the time.
How can I stop it?
There are several options, some more drastic than others:
[ul][li]Increase Internet Explorer security.[/li]
You want to stop ActiveX from being so free and easy with your computer. You can find the relevant option by opening IE and going to “Tools…Internet Options…Security” and clicking the “custom level” tab. You’ll find a list of check boxes; there are about 4 relating to ActiveX, and by switching them all to “Disable”, most spyware will be prevented from being installed. Be aware, however, that there are some bona fide websites which also use ActiveX whose function will be curtailed. Most likely will be internet banking sites. It’s up to you.
[li]Install a blocker.[/li]
SpyWare Blaster is a program that runs on your PC and prevents spyware from being installed in the first place. This is basically a more sophisticated version of the above method. SpyWare Blaster maintains a list of known spyware ActiveX IDs (much like antivirus software does with viruses), and blocks them from running. This way, you can continue to allow innocent ActiveX webpages to operate. The downside is that, just like antivirus programs, it will require regular updates and relies on the list of known spyware being accurate. I haven’t used it, so can’t say how effective it is.
[li]Stop using Internet Explorer.[/li]
A bit more drastic for many users, this is (in my opinion) the most effective option. Alternative browsers have been listed by Hodge, and like him I highly recommend Opera, although others swear by Mozilla and FireFox. The reason alternative browsers protect you is that they don’t use ActiveX. This way, you can leave Internet Explorer with ActiveX enabled in order to access things like banking websites, but use the safe browser of your choice for everyday browsing. This is what I do, for what it’s worth.[/ul]
I’ve got it, how do I get rid of it?
Take the following steps, in order:
[1] Download, install and run both Ad-Aware and Spybot Search&Destroy. These are the virus scanners of the spyware world, and both scan your computer looking for files that they know are spyware. It’s important to run both, because each can detect certain things that the other doesn’t. Remember to update them both before running, just like you would with a virus-checker. See xash’s post about LSPfix.exe to remedy possible problems caused by these programs.
[2] If symptoms still persist, download and run (link deleted), a tool specifically designed to detect and remove CoolWebSearch, a particularly nasty strain of spyware with lots of nasty variants. You can run the program in “scan” mode first, if you don’t want it to try and automatically remove something you’re not sure is even there.
[3] If there’s still something dubious going on, it’s manual removal time. From the same wonderful people who make CWShredder comes the much more complicated (link deleted). This works because a lot of spyware registers itself as what’s called a “Browser Helper Object”, or BHO for short. HijackThis doesn’t detect spyware, it just lists all the programs that claim to be BHOs. An experienced user can then pick out the ones that are causing problems. The best thing to do is to run the program and post the output to a forum full of experts. The SDMB probably isn’t the best for this purpose (I certainly can’t claim to be able to accurately read these logs). Post your log at the (link deleted), and friendly types will be along shortly to help you out.
[4] If you’re feeling particularly brave, then the same guy who wrote CWShredder and HijackThis also provides (link deleted), a program that lets you search a list of all known BHOs, which can enable you to try and decide for yourself is a BHO is nasty. HijackThis can then remove the offending object. I don’t really recommend doing this unless you’re completely confident you know what you’re doing, or have a particular dislike for your computer.
Why don’t you have a section called “misc”?
Ha! Here it is.
Hosts file: It’s possible you might still be getting directed to weird websites even though no spyware tool reports anything dodgy. Why is this? Well, some spyware modifies a file on your computer called simply “hosts”, usually found at
c:\windows\system32\drivers\etc\hosts
You can open this file in Notepad, it’s just plain text. What it does is stores a permanent record of IP addresses that correspond to certain website URLs. This is handy for commonly visited sites, as your computer doesn’t have to go looking to find the IP address of that site; it has it stored in a convenient place. However, this also gives spyware writers a handy tool against you. Some spyware modifies your hosts file by adding lines like
google.com 10.0.0.1
where “10.0.0.1” could be any IP address, pointing to any website. To fix this, simply delete the offending lines from the hosts file. If you want to be careful, you can test out the IP addresses by pasting them into your browser; however be warned that this will take you to the dodgy sites, if they are in fact dodgy. If you want to be sure you’ve got rid of everything nasty, then don’t worry - your computer will work perfectly well with a completely blank hosts file.
Alternatively, you can download a custom hosts file (for example from here), which blocks a lot of advertising sites by pointing them at a non-existent IP address. Simply replace your hosts file with the downloaded version, and presto, a whole bunch of ad sites are automatically blocked. This is quite neat, but a lot of the custom hosts files you’ll find are a bit over-zealous in which sites they define as being advertising. Use with care.
[/originally posted by Dead Badger]
-xash
General Questions Moderator
And, of course, I look at whatever new stuff he’s got there.